Transcript v6ops-15

RANGER, VET, SEAL and IRON
Fred L. Templin – IETF77
BOEING is a trademark of Boeing Management Company.
Copyright © 2010 Boeing. All rights reserved.
Routing and Addressing in Networks with Global Enterprise Recursion (RANGER)
Engineering, Operations & Technology | Boeing Research & Technology
FaST | Networked Systems Technology
• Recursively-nested connected local network regions joined by Enterprise Border Routers (EBRs) – a network-of-networks
• each distinct local network region is an “enterprise” unto itself
• example use cases:
  • Internet interdomain core
  • large academic campus network
  • corporate enterprise network
  • ISP networks
  • civil aviation networks
  • Mobile Ad-hoc Networks
How RANGER Works
• RANGER “concatenates” enterprises into a path with recursive re-encapsulation
• Internet Protocol, Version 4 (IPv4) for local routing and addressing
• Internet Protocol, Version 6 (IPv6) for global routing and addressing
• Routing scaling through spatial reuse of local addressing (RLOCs) with mapping system for global addresses (EIDs)
• Global communications through recursive re-encapsulation across local routing regions (EIDs)
• VET and SEAL
[Figure: A RANGER Path Constructed using CATNET Principles. Labels: Internet, IPv4 (six regions), IPv6 (two regions)]
Virtual Enterprise Traversal (VET)
• Concerns traversal of a single enterprise within the recursive nesting
• automatic tunneling over Non-Broadcast, Multiple Access (NBMA) links
• EBR discovery to discover exit routers for getting off the enterprise:
• default routes through “default mappers” connected to provider networks
• more-specific routes through EBRs connected to peer networks
• Secure Redirection
• Router-to-router tunneling
• Only border routers are modified
• Version 2 of ISATAP
How VET Works
[Figure: How VET works. Labels: Default Mappers, IPv4 network, IPv6 network, IPv6 network]
Subnetwork Encapsulation and Adaptation Layer (SEAL)
• tunneling adds encapsulation overhead that reduces the path MTU as seen by the original source
• avoid path MTU discovery if possible due to unnecessary packet loss; black-holing due to ICMP filtering
• have the tunnel do transparent link-layer adaptation
• tunnel ingress discovers MRU of tunnel egress
• end result is 1500 and larger gets through
SEAL supports synchronization between tunnel endpoints, so off-path DoS attacks are prevented
How SEAL Works
[Figure: How SEAL works. Labels: Default Mappers, IPv4 network, IPv6 network, IPv6 network]
The Internet Routing Overlay Network (IRON)
• Routing Information Base includes small number of coarse-grained “Virtual Prefixes” (e.g., a few ::/8’s)
• Dynamic routing protocols (OSPF, BGP) exchange Virtual Prefixes (VPs)
• More-specific prefixes added to router FIBs on-demand and data driven (based on secure redirection)
• Most router FIBs contain only a few more-specifics
• Hybrid routing with dynamic routing protocols in the RIB and on-demand data-driven in the FIB
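The hybrid RIB/FIB behaviour in the bullets above, sketched as an added example (not code from the slides or from the IRON drafts). The prefixes and router names are constructed, and the slides do not say how redirects are secured: the acceptance checks in `handle_redirect` (sender must be the current next hop, and the new prefix must be a strict more-specific of the entry used) are assumptions standing in for that mechanism.

```python
import ipaddress


class IronRouter:
    """Toy FIB: coarse Virtual Prefixes from the RIB plus on-demand more-specifics."""

    def __init__(self, virtual_prefixes):
        # Entries a dynamic routing protocol (OSPF, BGP) would supply: prefix -> next hop.
        self.fib = {ipaddress.ip_network(p): nh for p, nh in virtual_prefixes.items()}

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, next_hop) or None."""
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.fib if addr in net]
        if not hits:
            return None
        best = max(hits, key=lambda net: net.prefixlen)
        return best, self.fib[best]

    def handle_redirect(self, sender, dst, prefix, new_next_hop):
        """Install a data-driven more-specific if the redirect passes the assumed checks."""
        current = self.lookup(dst)
        if current is None:
            return False                      # no covering route: nothing to refine
        cur_prefix, cur_next_hop = current
        net = ipaddress.ip_network(prefix)
        if sender != cur_next_hop:
            return False                      # not the router we forwarded to (off-path)
        if ipaddress.ip_address(dst) not in net:
            return False                      # prefix does not cover the triggering packet
        if net.prefixlen <= cur_prefix.prefixlen or not net.subnet_of(cur_prefix):
            return False                      # must be strictly more specific than the entry used
        self.fib[net] = new_next_hop
        return True


if __name__ == "__main__":
    # Constructed sample: two Virtual Prefixes, then one redirect for a /48.
    r = IronRouter({"2000::/8": "vp-router-A", "3000::/8": "vp-router-B"})
    print(r.lookup("2001:db8:1::5"))
    print(r.handle_redirect("off-path-host", "2001:db8:1::5", "2001:db8:1::/48", "ebr-7"))
    print(r.handle_redirect("vp-router-A", "2001:db8:1::5", "2001:db8:1::/48", "ebr-7"))
    print(r.lookup("2001:db8:1::5"))
```

Traffic to destinations without a learned more-specific keeps following the Virtual Prefix, so the FIB grows only with the flows the router actually carries.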
Civil Aviation Example
[Figure: Civil aviation example. Labels: European-Regional ANSP (IPv6), Asian-Regional ANSP (IPv6), US-Regional ANSP (IPv6), Global ATN Backbone Routing and Addressing Domain (IPv4), ATC Workstation, Air Traffic Control Functional Domain, Global Internet (IPv6)]
Enterprise Network Example
• Routing & Addressing in Next Generation EnteRprises (RANGER)
• Network-of-networks architecture
• Minimal touch-points (border routers only)
• No changes to most hosts and routers
• Fully-provisioned IP services; balanced blend of tunneling, translation and native
• Gradual integration of IPv6
• Customer-driven requirements lead policy and strategy
• IPv6 and IPv4 in peaceful co-existence
• It’s not an “either-or” decision
• Tangible Benefits
• Secure Mobile Architecture (SMA)
• simplified management
• logical partitioning
• traffic engineering
• end-to-end addressing
• mobility and multihoming
[Figure: Enterprise network example. Labels: IPv4 Internet, IPv6 Internet, Enterprise Network (three instances), IPv4-Only, Initial IPv6 Deployment, Advanced IPv6 Deployment, Fully Provisioned IP Services]
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
http://www.ietf.org/rfc/rfc5214.txt
• Routing and Addressing in Networks with Global Enterprise Recursion (RANGER)
http://www.ietf.org/rfc/rfc5720.txt
• RANGER Scenarios
http://tools.ietf.org/html/draft-russert-rangers
• Virtual Enterprise Traversal (VET)
http://www.ietf.org/rfc/rfc5558.txt
http://tools.ietf.org/html/draft-templin-intarea-vet
• Subnetwork Encapsulation and Adaptation Layer (SEAL)
http://www.ietf.org/rfc/rfc5320.txt
http://tools.ietf.org/html/draft-templin-intarea-seal
• The Internet Routing Overlay Network (IRON)
http://tools.ietf.org/html/draft-templin-iron